Discussion in 'Admin Announcements and Site Help' started by greco, Feb 25, 2019.
This issue is a serious pain in the dick.
So this issue... there was some confusion. Apparently, this is done by design, but not strictly by choice. When a site has a SSL certificate, and a non-SSL site attempts to communicate with it, most browsers shut down the communication as a security feature. Chrome and Firefox are prime examples of this behavior and it's why images from non secure sites won't show here anymore.
We've started (and this part is new to me which is why I didn't say before) to force ALL links to be https. This bug was actually a feature. We're doing so for 2 reasons. First, leaving insecure communication avenues on the site is a security hole, and second, I'm told that Chrome and other browsers will soon start blocking non secure sites, so we're doing this ahead of the change.
Bottom line: the links on site will continue to be loaded https. Sorry for taking so long to come to the conclusion
Is there any chance that "insecure" simply means "not us".
Sorry to suspect conspiracy, but big-fish-eat-little-fish seems to be the standard business model these days.
Correct me, I know nothing.
No. Or at least.... it's not a conspiracy on our part. If Google has ulterior motives I can't prove them, but they really led the charge on HTTPS conversion. The threat of getting your site demoted in Google Search rankings is not taken lightly
But really it's just meant to make things more secure. Less chance of anything being stolen if all communication is encrypted
Here is what I am offering the VS core IT team instead of the approach they've taken here:
Guys....just google Secure Socket Layer. It's an old security technology that a vast majority of sites use for all sorts of reasons. SSL is all tied into Certificates (CA) that are required on the specific ports used on secure transactions and such. What I just mentioned is extremely simplistic and pared down because no one really has to know this unless you're Administering a network either publicly or privately. So take it for what it is.
@LexxM3 , thanks a bunch. I 've been out of the game for too long to even remember how to setup an AD in an MS environment....never mind the tech you're talking about...haha.
Talked with techs. We don't force the non-sll links to be HTTPS as a way of protecting you guys, but as a way to protect the site. With how our SSL works, even having the HTTP links on the site invalidates our own security certificate. Having that "are you sure?" message wouldn't be a sufficient block in the communication to get around that hurdle.
@GCAdmin1 I don't understand the specifics of this but I appreciate all that is being done to eliminate the frustration for the user.
@LexxM3 Thanks for all the time and energy you have put into helping with this.
Thanks for the info. I don’t run your systems so I can’t comment on that level of detail with any precision, but with all due respect, the approach you’ve taken is wrong simply because it breaks the forum and it breaks the internet. Focus on security is a nobble cause, but not “at all cost” when it kills the baby in the bath. You need to go back to the drawing board, as “simple” as that.
I'll pass the sentiments on.
Separate names with a comma.